Session Spoofing

06/05/2012 12:58 PM Posted by MutantMonkey


IF they got found out. And get real, most people wouldn't care, they would brush it off. People would be mad, some may stop buying Blizzard products but if you seriously think that the PR nightmare would be worse than the possible destruction of their RMAH then you are wrong.

You have no clue how real corporations run and how real corporate decisions are made. It may be best if you stay firmly planted in your reality. I think you would be very unhappy if you came to the real world.


I have a very good idea at how corporations work.

If you look at what goes on around the country and how hard it is to hide certain things, particularly security breaches related to account info, as they end up leaving a paper trail, you would have a better understanding at how this works.

Your backhanded insults will not save you from this argument. You simply do not know what you are talking about relating to Blizzard and with the comparisons you have tried to draw, you know very little about how other organizations work and their current legal statuses.



The % is not really relevant. In WWII, only 2.5% of the population died. Does that make it any less significant? 10,000 people is A LOT of people for this problem to be happening to.


The % is relevant, whether you like it or not. And trying to draw a comparison between account compromises and loss of life is absolutely disgusting.


I'm sorry what % would you like me to compare it to, to make you realize a big number is still a big number?


Look at the total % affected. It is extremely small.


The % is not really relevant. In WWII, only 2.5% of the population died. Does that make it any less significant? 10,000 people is A LOT of people for this problem to be happening to.
When you're looking for a pattern, such as the number of players being hacked, the % matters. Your argument is a strawman.

You are trying to argue that because all of these players got hacked is the proof that there is something more going on, so if you want to use that as your proof, then you have to look at the statistical %.
I'm not sure if you've actually read any steamguard reports but that service is very efficient at keeping accounts compromised in most cases.
Let's say there are 100 complaints on the boards. Let's assume that 100 makes up 1% of the total complaints. That equates to 10000 complaints.


Just pulling numbers out of the air there, huh?

Fact remains that 80% of the posts on the forums are complaints, and 15%-25% of those are people complaining about being hacked. These are called statistics, and are representative of the entire player base of the game.

I am sure if 80% of the posts on the forums were positive, you would be the first to say that 80% of players love the game, rather than saying they are a vocal minority.


I made it very clear that is what I was doing simply to make a point. When you see a phrase like "lets say" that should be pretty clear.

As to your assertion that 15-25% of the complaints here are about this, how exactly did you come to that conclusion? While I do see various topics made about the subject, very few of the people participating in those topics are reporting the same issue.



I have a very good idea at how corporations work.

If you look at what goes on around the country and how hard it is to hide certain things, particularly security breaches related to account info, as they end up leaving a paper trail, you would have a better understanding at how this works.

Your backhanded insults will not save you from this argument. You simply do not know what you are talking about relating to Blizzard and with the comparisons you have tried to draw, you know very little about how other organizations work and their current legal statuses.



The % is relevant, whether you like it or not. And trying to draw a comparison between account compromises and loss of life is absolutely disgusting.


I'm sorry what % would you like me to compare it to, to make you realize a big number is still a big number?


A number out of context is meaningless.
06/05/2012 01:03 PM Posted by Khagan
It's always funny when these "IT professionals" just know session spoofing is happening even when we KNOW for a fact that NO account with a physical or mobile authenticator has been compromised. The authenticator is another part of the authentication process and has NOTHING to do with the session itself, so if session spoofing like the OP describes is happening an authenticator wouldn't provide any protection at all. Doh!

Got proof? Of course not. And authenticators are indeed part of the session. You can't create a session without passing an authenticator check.

Otherwise, how would you be able to ah...login?
06/05/2012 01:05 PM Posted by kweagle
Let's say there are 100 complaints on the boards. Let's assume that 100 makes up 1% of the total complaints. That equates to 10000 complaints.


Just pulling numbers out of the air there, huh?

Fact remains that 80% of the posts on the forums are complaints, and 15%-25% of those are people complaining about being hacked. These are called statistics, and are representative of the entire player base of the game.

I am sure if 80% of the posts on the forums were positive, you would be the first to say that 80% of players love the game, rather than saying they are a vocal minority.


More likely referral bias at play.

I'm not sure it's wholly correct to call posts on the forums "representative of the entire player base". More accurate to call them representative of the players on the forums.

You leave out the very real possibility that players who are not posting on the forums may have very different opinions and experiences.

Qualifying your sampling shouldn't be seen as weakening the results. If anything, it helps to properly scope your results and note potential bias. 8)

love,
shmoo
Logged in today. Barbarian stripped naked, all gold gone, all gear gone. Me so sad, me play no more
06/05/2012 12:17 PM Posted by claniraq
Even so, we're continuing to investigate related reports. If you believe you possess solid evidence of some sort of "hack," then please relay that information to our support representatives as soon as possible, or email hacks@blizzard.com. In the meantime, if you don't possess such evidence, we ask that you please refrain from spreading hearsay.


This sounds strangely like a plea for help


Hey. When are you going to hack my account? Or have you retracted your statement again and now you don't have access to the hack, you just think you know what is going down?

Come on, pal, I am waiting. I gave you everything you claimed you needed to hack an account almost a week ago and I am still golden.
06/05/2012 01:09 PM Posted by Mashi
It's always funny when these "IT professionals" just know session spoofing is happening even when we KNOW for a fact that NO account with a physical or mobile authenticator has been compromised. The authenticator is another part of the authentication process and has NOTHING to do with the session itself, so if session spoofing like the OP describes is happening an authenticator wouldn't provide any protection at all. Doh!

Got proof? Of course not. And authenticators are indeed part of the session. You can't create a session without passing an authenticator check.

Otherwise, how would you be able to ah...login?
Yea his post contradicted himself. Once the session is established, the logon credentials are no longer required, so if it was session spoofing, authenticator wouldn't matter.

That said, there simply isn't anything to prove that it's session spoofing. This isn't blizzard's first rodeo...
06/05/2012 01:03 PM Posted by Khagan
when we KNOW for a fact that NO account with a physical or mobile authenticator has been compromised.


How do you know this for a fact?


The % is not really relevant. In WWII, only 2.5% of the population died. Does that make it any less significant? 10,000 people is A LOT of people for this problem to be happening to.
When you're looking for a TREND, the % matters. Your argument is a strawman.

You are trying to argue that a TREND is the proof that there is something more going on, so if you want to use that as your proof, then you have to look at the statistical % of said trend.


I'm sorry did you just say that being hacked is a trend?
Here is the link, it contains everything you need to know, read before it is taken down.

http://www.cinemablend.com/games/Diablo-3-Session-Spoofing-Real-Do-Join-Public-Games-43162.html


Everything you read on the internet is real.

/sarcasm
Also

If "session spoofing," or any other way of compromise without logging in, was really a thing, then an authenticator would be no protection at all, and eventually someone with an authenticator would be hacked. Please consider the following.

Blizzard has told us that no accounts with an attached authenticator have been compromised. Let's assume that most people don't have authenticators. Let's assume that 5% of people have one. Further, let's assume that 100,000 people have been hacked, which was a number thrown around on this forum, and that hackings are completely random, and having or not having an authenticator doesn't make you any more or less likely to be targeted with this alleged security loophole.

The formula for determining the chance that an event will not have happened over n chances is (1-[the percentage chance of the event occurring])^n, or in this case (1-.05)^100,000, or .95^100,000. So, that means that over 100,000 "hacks," assuming 5% of the population has an authenticator, the chance that randomly, no one with an authenticator would have been hacked is essentially 0. Feel free to do it yourself, and insert whatever number you want. Even if only 1,000 people had been hacked, the chance of none of those people having an authenticator would be 5.29182275 × 10^-23, or astronomically small. Even if we decrease the number of people who have an authenticator to 1% of the population, and still assume 100,000 hacks (since people are arguing it's super widespread), .99^100,000 still equals essentially 0.
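
The estimate in the post above, worked in log space so the "essentially 0" cases get an actual order of magnitude. This is an added example, not part of the original post; the function names are hypothetical, the 5% and 1% authenticator shares and the independence assumption are the poster's, and the last function goes one step further by solving for the number of compromises at which the chance drops below a chosen threshold.

```python
import math


def log10_prob_none(n_compromised, auth_share):
    """log10 of (1 - auth_share) ** n_compromised.

    Assumes, as the post does, that each compromise lands on an account
    independently of whether an authenticator is attached to it.
    Working in log10 avoids float underflow: 0.95 ** 100_000 evaluates
    to 0.0 in double precision, which hides how small the value is.
    """
    if not 0.0 < auth_share < 1.0:
        raise ValueError("auth_share must be strictly between 0 and 1")
    if n_compromised < 0:
        raise ValueError("n_compromised must not be negative")
    return n_compromised * math.log10(1.0 - auth_share)


def as_scientific(log10_p):
    """Split a log10 value into (mantissa, exponent) with 1 <= mantissa < 10."""
    exponent = math.floor(log10_p)
    return 10.0 ** (log10_p - exponent), exponent


def min_compromises_below(auth_share, threshold):
    """Smallest n for which the chance of hitting no authenticator
    account at all falls below `threshold`."""
    target = math.log10(threshold)
    n = max(0, math.ceil(target / math.log10(1.0 - auth_share)))
    while log10_prob_none(n, auth_share) >= target:  # guard against rounding
        n += 1
    return n


if __name__ == "__main__":
    # The three cases the post walks through (share, number of compromises).
    for share, n in [(0.05, 1_000), (0.05, 100_000), (0.01, 100_000)]:
        mantissa, exponent = as_scientific(log10_prob_none(n, share))
        print(f"share={share:.0%} n={n:>7}: {mantissa:.4f}e{exponent}")
    for share in (0.05, 0.01):
        n = min_compromises_below(share, 1e-6)
        print(f"share={share:.0%}: below one in a million after {n} compromises")
```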

When you're looking for a TREND, the % matters. Your argument is a strawman.

You are trying to argue that a TREND is the proof that there is something more going on, so if you want to use that as your proof, then you have to look at the statistical % of said trend.


I'm sorry did you just say that being hacked is a trend?
BLAH meant to say pattern.
You do something enough times that it just becomes automatic, like when you get E-mails from Blizzard you click the link and go to their webpage, oops look it isn't their webpage, but the nuances are so small that you didn't notice. You've gone to the Battlenet.net login screen a thousand times but oops you didn't notice that you just went to battlenet.net instead of battle.net, yet it looks the same so you log in as you usually do.
You've been phished


You assume people are not aware of phishing. I NEVER click a link in an email that I was not expecting to get. If you get an email from blizzard, your bank, paypal, whatever, saying that you need to do something with your account. You open your browser window, and you type in the address yourself and log in. Anyone who is aware of phishing knows that you should be using this route.

Only time you should be clicking links in emails is when you have to in order to authenticate a new account you have made, in which case you should be expecting the email to come from a certain site at a certain time. Unless the site you are signing up for is not legit, you should not have an issue.

If you do sign up for sites you are not sure of, this is why you have a secondary "junk" email account. So your main email is never exposed.
06/05/2012 01:09 PM Posted by MutantMonkey


Just pulling numbers out of the air there, huh?

Fact remains that 80% of the posts on the forums are complaints, and 15%-25% of those are people complaining about being hacked. These are called statistics, and are representative of the entire player base of the game.

I am sure if 80% of the posts on the forums were positive, you would be the first to say that 80% of players love the game, rather than saying they are a vocal minority.


I made it very clear that is what I was doing simply to make a point. When you see a phrase like "lets say" that should be pretty clear.

As to your assertion that 15-25% of the complaints here are about this, how exactly did you come to that conclusion? While I do see various topics made about the subject, very few of the people participating in those topics are reporting the same issue.



I'm sorry what % would you like me to compare it to, to make you realize a big number is still a big number?


A number out of context is meaningless.


well I have 3.14 reasons why that's not true
Fact: Sony got hacked
Fact: Sony covered it up
Fact: People found out anyway and got really mad at Sony.
Fact: Sony gave away free stuff and the general population said "Oh look, a squirrel!"

Everyone knows about this. Blizzard included. If it was on their side and they are lying about it, once it is out (not if, but when) everyone will be pissed and only trying to dissuade the public will help them.

Or they could be telling the truth and there is no hack.

I believe point 2, since they have never given me reason to believe that they are lying to us.
06/05/2012 01:07 PM Posted by Drumith


Just pulling numbers out of the air there, huh?

Fact remains that 80% of the posts on the forums are complaints, and 15%-25% of those are people complaining about being hacked. These are called statistics, and are representative of the entire player base of the game.

I am sure if 80% of the posts on the forums were positive, you would be the first to say that 80% of players love the game, rather than saying they are a vocal minority.


If you believe that the forums are representative of the entire player base, I have a piece of land on the moon I want to sell you.


And yet if most posts were positive, you would be adamant that the player base feels the same way. Double standard much?


I made it very clear that is what I was doing simply to make a point. When you see a phrase like "lets say" that should be pretty clear.

As to your assertion that 15-25% of the complaints here are about this, how exactly did you come to that conclusion? While I do see various topics made about the subject, very few of the people participating in those topics are reporting the same issue.


I'm sorry what % would you like me to compare it to, to make you realize a big number is still a big number?


A number out of context is meaningless.


you think there's no difference between 1 and 10,000? unless there's some "context" to it? lol
